Privacy Policy

ForkMark ("we," "our," or "us") operates the ForkMark mobile and web app ("the App") — a personal restaurant journal with a friends-only recommendation feed and a dinner-roulette discovery picker. We're committed to protecting the privacy and security of your personal information. This policy explains what data we collect, how it's stored, who can see it, and the rights you have over it.

1. Scope

This Privacy Policy applies to:

• ForkMark mobile app — iOS and Android (TestFlight + Play Store beta, future general availability).
• ForkMark website — forkmark.app (marketing + legal pages).
• ForkMark beta portal — beta.forkmark.app (signup form + tester portal).
• ForkMark management console — manage.forkmark.app (admin tooling, not publicly accessible).

2. Data We Collect

Account info

• Required: email address and password. Authentication is handled by Firebase Authentication; we never see or store your password — Firebase salts and hashes it on its side.
• Optional profile fields: display name, chosen username, bio, home city, birthday, pronouns, dietary preferences, favorite cuisines, default privacy setting, social handles (Instagram, X, website).
• Internal identifier: on first sign-in we assign you an "FM identifier" (e.g. FM000000042). This is internal data used for backend lookups and is not displayed in the app.

Your content

• Journal entries. Restaurant name, rating, optional cuisine, notes, what you ordered, what you liked/disliked, would-return flag, photos, tags, location strings you enter. Journal entries are private by default — only you can read them.
• Try-list items. Places you want to visit later. Also private by default.
• Recommendations. When you explicitly publish a recommendation from a journal entry, the place name, your note, attached photos, and rating become visible only to your friends. The recommendation document stamps the list of friend user IDs allowed to read it; our database rules enforce that gate.
• Friends + friend requests. Outgoing and incoming friend requests, the accepted friends list (denormalized with each friend's display name, username, and photo URL so the UI doesn't have to re-fetch).
• Support tickets & beta feedback. When you contact support or submit beta feedback, we collect your message, the category, and diagnostic context (app version, build number, platform, device model) attached to the ticket so we can respond accurately.

Behavioral & diagnostic

• Location (only when you ask). Discover ("dinner roulette") can use your device GPS to find nearby restaurants. Location is used for that single search and is not stored on our servers or attached to your account. You can decline the permission and search by ZIP code instead.
• Crash & performance data. Via Firebase Crashlytics. Crash reports include stack traces and device class but never include journal content or other personal data.
• Anonymous usage analytics. Via Firebase Analytics. We log a small set of events (sign-up, friend added, recommendation published) and screen-view names. We don't log restaurant names, journal text, or message contents.

3. How Your Data Is Stored and Secured

• In transit: Every connection between the app and our servers uses HTTPS/TLS. Insecure HTTP is rejected.
• At rest: Cloud data is stored in Google Firebase (Firestore for structured data, Cloud Storage for photos). Firebase encrypts data at rest by default with industry-standard AES.
• Document-level access control: Firestore security rules enforce per-document ownership. Your journal entries and try-list items can only be read or written by you. Recommendations are gated by an explicit "visible to" list stamped at create time — friends you had when you posted, plus you. Photos are stored with owner-only ACLs except for shared recommendation photos and avatars (which are readable by signed-in users since they appear in friends' feeds).
• Authentication: Sign-in is email/password by default. Two-factor authentication via authenticator apps (TOTP) is wired and available for future enablement.
• Sign-out: Signing out terminates the Firestore offline cache and clears local persistence so a second user on the same device can't read leftover data.
• Backend operations: Sensitive multi-document mutations (friend accept/decline, FM identifier allocation, recommendation visibility cleanup on defriend) run server-side via Cloud Functions using the Firebase Admin SDK. This lets us keep client-side rules strict.
• Daily backups: Firestore is backed up daily with 14-day retention so we can recover from accidental deletes.

4. Who Can See What

• You only: your journal entries, try-list, profile drafts before save, support tickets, friend requests sent or received.
• You and your friends: your public profile (display name, username, photo, bio, home city, pronouns), recommendations you explicitly publish, photos attached to recommendations.
• Any signed-in user: public profile fields when searching by username; avatar photo URL (needed to render in friend cards and feed).
• The ForkMark team: only what you send in a support ticket or beta feedback, plus the high-level diagnostics attached. We do not browse user journals or recommendation feeds.
• Defriend behavior: when you remove a friend, a server-side trigger removes that person's user ID from the visibility list on every recommendation you posted while they were a friend, so they stop seeing your recs going forward. Conversely, recs that they posted are no longer visible to you (and aren't queryable). Recommendations posted to a since-defriended audience are not retroactively re-shared if you re-friend the person.

5. Third-Party Services

We rely on the following services to deliver the App. Each has its own privacy policy covering data they receive:

• Google Firebase — Authentication, Firestore database, Cloud Storage, Cloud Functions, Firebase Messaging (push), Crashlytics, and Analytics. Hosted on Google Cloud in the us-east4 region.
• Google AdMob — displays banner ads in the free tier of the app. AdMob may collect device identifiers (IDFA on iOS, advertising ID on Android) for ad personalization, subject to your device-level tracking preferences.
• Foursquare Places API — powers nearby-restaurant search in Discover. We send the search location (GPS coordinates or ZIP-resolved coordinates) and your filters (cuisine, distance, open-now) to Foursquare via our own proxy so the API key never ships in the app. Foursquare receives no user identity from us.
• OpenStreetMap (Overpass + Nominatim) — used as a fallback for restaurant discovery and ZIP-to-location geocoding. Same approach as Foursquare — coordinates and queries only, no identity.
• Apple App Store / Google Play — app distribution. If we introduce in-app purchases in the future, payment processing will happen entirely within Apple's or Google's billing systems; we will never see your card details.
• Email delivery — transactional emails (support replies, beta-status notifications) are queued in Firestore and sent via the Firebase "Trigger Email" extension using an SMTP relay we configure.

6. Sharing & Disclosure

We do not sell, rent, or share your personal data for marketing, advertising, or any other commercial purpose. Data leaves your account only in these limited circumstances:

• Friend visibility. Recommendations you publish are visible to the friends you stamped at publish time. Your public profile (display name, username, photo, bio) is visible to any signed-in user who searches for you by username so they can send a friend request.
• Service providers. Limited to the integrations in section 5 and only to deliver the features they power.
• Legal compliance. If we are required to disclose data by law, valid subpoena, or court order, we will. Where legally permitted we will notify you.
• Sale or acquisition. If ForkMark is acquired or merged, your data may transfer to the successor entity under the terms of this Privacy Policy. You'll be notified before any change.

7. Advertising

The current free version of the mobile app displays banner advertisements via Google AdMob. Ads help fund ongoing development during the beta and early launch. You can opt out of personalized advertising through your device's system settings — on iOS, decline the App Tracking Transparency prompt or set Privacy & Security → Tracking; on Android, opt out under Settings → Google → Ads. With personalization disabled you'll still see ads, but they won't be tailored to your inferred interests. We may introduce an ad-free paid tier in a future release.

8. Data Retention

• Your account and cloud data are retained for as long as your account is active.
• You can delete individual journal entries, try-list items, and recommendations at any time from inside the app.
• To delete your entire account, open Profile → Help & Support in the app and submit a ticket with category "Account", or email support@tournamentsense.com. We'll remove your profile, journal entries, try-list, recommendations, friend records, FM identifier mapping, support tickets, and uploaded photos within 30 days, except where law requires us to retain certain records (e.g. tax, fraud, or abuse investigations).
• Daily Firestore backups are retained for 14 days. If you delete your account, your data persists in those rotating backups until they age out (≤14 days post-deletion).
• Anonymous, aggregated analytics data may be retained longer; it cannot be tied back to you.

9. Children's Privacy

ForkMark is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact us at support@tournamentsense.com and we will delete it.

10. Your Rights

Depending on your jurisdiction (including residents of the EU, UK, and California), you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict processing.
• Request a portable copy of your data in a machine-readable format.
• Withdraw consent for any processing based on consent (without affecting prior lawful processing).

To exercise any of these rights, email support@tournamentsense.com. We'll respond within 30 days. We do not discriminate against users who exercise their privacy rights.

11. International Users

Our servers are operated in the United States (Google Cloud us-east4). If you use ForkMark from outside the U.S., your data will be transferred to and processed in the U.S., which may have different data-protection laws than your country of residence. By using the App you consent to this transfer.

12. Security Incident Notification

If we become aware of a security incident affecting your personal data, we will notify you and the appropriate regulators in accordance with applicable law (typically within 72 hours of confirming the incident).

13. Changes to This Policy

We may update this Privacy Policy from time to time. We'll post the updated version on this page with a revised "Last updated" date. For material changes — for example, new categories of data collected or new third-party services introduced — we'll also notify you in the app or via email. Continued use of the App after changes constitutes acceptance of the revised policy.

14. Contact Us

Questions, concerns, or requests about this Privacy Policy or how your data is handled? Email support@tournamentsense.com or open a support ticket from inside the app (Profile → Help & Support).